Support GPG signing RPM packages #141

alexrecarey opened this Issue Jan 3, 2012 · 4 comments

4 participants


Just an idea, as I do not know how difficult it will be to implement, and I am not adept enough in Ruby to code it myself.

Signing RPM's is a great way to trust the packages you are installing, and just good practice all around.


Thanks for the idea! Someone will surely need this and patch it in if I don't get to it first :)


any news on this? also is there a way to sign DEB files today? cant find it or should this ticket include both?


I haven't had energy to write this feature yet for RPM. Same for deb, though with debs I have found that in practice, nobody signs their debs, but many sign apt repos - even debian/ubuntu upstream only sign the apt repo listings, not the packages themselves.

Feel free to file a separate ticket for deb package signing :)


Just need to pass --sign to rpmbuild via a command line switch, there is nothing else that can be done by fpm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment